The Utah state legislature has passed a comprehensive privacy act for the state that is similar to ones already enacted in California, Colorado, and Virginia. It is part of a wave of privacy rights efforts taking place worldwide that has started to creep across the US.
The Utah legislation does not contain materially new or different obligations for US companies, but it evidences the increased attention to privacy as a legal right in the US. It also underscores the need for US companies to understand and govern the data they hold -- often on behalf of their customers -- as a matter of operational fact.
Why it Matters
The new breed of privacy laws that started in Europe and California in 2018 create obligations to safeguard personal data from many stakeholders. They apply equally to B2B companies as to B2C companies; indeed, many SMBs are subject to these laws via contract with their large corporate customers. Being ready to demonstrate privacy compliance and pass a security audit is increasingly part of the normal operational posture for SMBs.